For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Automate import of SSL Certificate, Key & CRL from BIG-IP to BIG-IQ

The functionality to automate the import of SSL cert & key from BIG-IP to BIG-IQ is available in the product starting BIG-IQ 7.0 and above. This script should not be used on BIG-IQ 7.0+ as it h...
Updated Jun 06, 2023
Version 3.0
application delivery
BIG-IP
BIG-IQ
certificate
ssl
RomanJ's avatar
Ret. Employee
Product Manager working at F5 Networks. I specialize in automation and multi-cloud deployment. I spend my time building product roadmap, improving user experience, and focusing on customer workflows.
View Profile
Simon_Lodge's avatar
Simon_Lodge
Icon for Nimbostratus rankNimbostratus
Sep 06, 2018

Hi Roman,

 

Firstly, thanks for the quick response.

 

Ideally, it would be fantastic if you could get the script to ignore the cert/key pairs protected by password (perhaps by inserting a flag), then report on the pairs it has skipped due to this issue - is this something you would consider looking at?

 

My particular problem is that I don't control the passwords set on cert/key pairs, the service owners do, and the F5 estate in my org currently holds approx. 15,000 SSL cert/key pairs, so following up with every service owner/group is very time-consuming and ultimately I don't have the resources to do so.

 

If I had the option to import the non-secured cert/key pairs whilst retaining a record of what's left that would allow me to start managing these whilst defining a standard set of passwords to secure cert/key pairs going forward.

 

Many thanks,

 

Simon